A digital signature may be used to provide proof of a document's authenticity or of its approval by the signatory. For example, a digital signature may be used to authenticate that a digital document was created by a particular person and that it has not been altered since it was created. The digital signature may be created, then appended to the document to be authenticated.
There are a number of methods that may be used to create a digital signature. One method uses a hash algorithm with public/private key encryption/decryption. The encryption/decryption is asymmetric; that is, a private key is used to encrypt a hash value, while a different, public key is used to decrypt the hash value. The private key is held securely by a single computer or encryption device, while the public key is provided by the computer to other computers for signature verification.
A digital signature may be produced from a byte stream indicative of the original document or file to be signed (referred to herein as “Doc”), using a hash algorithm H and an encryption function E as follows: Sig=E(H(Doc)).
That is, the byte stream forming the document is hashed by the hash algorithm to produce a hash. The hash is therefore based on the document contents. The hash is encrypted to produce the digital signature.
Hash algorithms, such as the SHA-1 algorithm (Secure Hash Algorithm 1), generally produce a small (e.g., 160-bit) value using the byte stream of the original document.
The encryption function E uses a private key denoted by PrvKey_sig to encrypt the hash value, which may then be decrypted by the corresponding public key. Encryption may be performed using a signing token such as a SmartCard. The signing token may store a private key and an encryption algorithm.
The digital signature may be verified by decrypting the digital signature using the corresponding public key and a decryption function D as follows: D(Sig)=H(Doc).
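The two relations above, Sig=E(H(Doc)) and D(Sig)=H(Doc), can be traced end to end in the following added example, which is not part of the original document. It assumes unpadded RSA as E and D, a toy key pair constructed from two Mersenne primes, and a constructed sample document; it follows the equations only, and a deployed scheme would add a padding format and a full-size key.

```python
import hashlib

# Constructed toy key pair (assumption for illustration only).
P, Q = 2**127 - 1, 2**89 - 1          # two Mersenne primes
N = P * Q                             # modulus, about 216 bits, wider than a 160-bit hash
E_PUB = 65537                         # public exponent, given to verifiers
D_PRV = pow(E_PUB, -1, (P - 1) * (Q - 1))  # private exponent, held by the signer


def H(doc: bytes) -> int:
    """Hash the document byte stream to a 160-bit integer (SHA-1, as in the text)."""
    return int.from_bytes(hashlib.sha1(doc).digest(), "big")


def sign(doc: bytes) -> int:
    """Sig = E(H(Doc)): transform the hash with the private key."""
    return pow(H(doc), D_PRV, N)


def verify(doc: bytes, sig: int) -> bool:
    """Check D(Sig) == H(Doc) using only the public key (E_PUB, N)."""
    return pow(sig, E_PUB, N) == H(doc)


DOC = b"Pay 100 to Alice"             # constructed sample document
SIG = sign(DOC)

if __name__ == "__main__":
    print("original document verifies:", verify(DOC, SIG))
    # Any change to the byte stream changes H(Doc), so D(Sig) no longer matches.
    print("altered document verifies: ", verify(b"Pay 900 to Alice", SIG))
    # A modified signature decrypts to a different value than H(Doc).
    print("altered signature verifies:", verify(DOC, SIG ^ 1))
```
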
Like reference symbols in the various drawings indicate like elements.